Cybercrime cost British businesses over a billion pounds in losses last year according to the UK’s national fraud and cybercrime centre and Get Safe Online.
The 1 billion figure is big (but probably only a percentage of the true sum). More significant, however, is the percentage rise: 22%. As a figure showing a criminal trend rise, that’s pretty horrifying.
This is the boom time for cybercriminals. Like any criminal, they are quickly hitting the soft underbelly of businesses. They see opportunities (of which there are many) and exploit it; again and again and again. Then, when measures are put in place and it stops working, they adopt new approaches. Throughout the history of crime, it’s what criminals do, have always done and always will do. This is why we see different types of attack trending so steeply (mandate fraud at 66%). Next year it will be another attack type.
The vulnerable underbelly is particularly soft because “cybercrime” sounds complicated, and organisations and people think that the solution must be complicated and only understood by a few “techy types”….and if it’s complicated, it must be expensive right? So this creates a paralysis of action; a result of which is that cyber criminals gleefully help themselves to the free goodies on offer.
The belief that it’s complicated is widespread, and sadly, there are many people who are happy to perpetuate the myth. But it’s not complicated. Many of the methods used by cybercriminals can be significantly mitigated with little or no expensive technical intervention. Most Small to Medium Enterprises can protect themselves from these type of attacks (and most others) by putting into place basic steps and basic awareness. These measures cost less than four figures per year (and we let people pay monthly if they want).
In the same way as 100% burglary prevention can never be guaranteed, the same applies to cyber-crime. But also just like burglary prevention, you can prevent nearly all of it by introducing a few basic steps. For most organisations that is enough. Others will have to do more, depending on the nature of their business and their size but that’s also no different to other crime prevention challenges.
Preventing cyber warfare, cyber terrorism, espionage and other types of Hollywoodesque type attacks are different issues which require additional measures for a much, much smaller subset of businesses. Don’t let those dramatic stories distract you from doing the equivalent of locking your door, setting your alarm, switching on your CCTV and teaching your staff not to leave the till open and the safe unlocked – it’s that simple for most.
Schemes like Cyber Essentials represents the basics and most common forms of protection and it’s broken down into 5 easy to understand and easy to implement areas. PGI has an on-line user-friendly Cyber Services Portal which will guide organisations through every step of the short process and help to educate and assure small businesses on the cyber threat and how to safely and affordably combat it.
Oh, and it’s a bit tough to point the finger at the police about the crime figures. If crimes aren’t reported, it’s rather difficult for a police service to either solve them or establish trends about which they can provide sensible practical advice and warnings to the public. They care about it and are investing a lot of effort into training officers to keep abreast of a quickly shifting crime wave. We know because we train some of them. Like all crime, Cybercrime will always exist. However, there is absolutely no need for the growth rate to be at epidemic levels. That bit is pretty straightforward and cheap for us all to fix.